Apple released hordes of patches for OS X, iOS, Safari and iOS Server, including fixes for the DYLD vulnerability disclosed in July.
Tag Archives: Web Security
OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars
The OwnStar attack that hacker Samy Kamkar revealed late last month can be used against not only GM vehicles, but cars manufactured by Mercedes-Benz, BMW, and Chrysler, as well. The attack allows Kamkar to intercept the traffic from nearby mobile phones that have specific apps open that control safety and security features on their vehicles. […]
Salesforce Patches XSS on a Subdomain
Salesforce.com patched a cross-site scripting vulnerability on one of its domains that could have led to phishing attacks.
Zero Day in Android’s Google Admin App Can Bypass Sandbox
The Android security team at Google is having a busy month. First the Stagefright vulnerabilities surfaced last month just before Black Hat and now researchers at MWR Labs have released information on an unpatched vulnerability that allows an attacker to bypass the Android sandbox. The vulnerability lies in the way that the Google Admin application […]
OpenSSH 7.0 Fixes Four Flaws
A new version of OpenSSH has been released, fixing four security vulnerabilities and a number of non-security related bugs. OpenSSH 7.0 includes patches for a use-after-free vulnerability and three other flaws, two of which only affect Portable OpenSSH. The maintainers of the software also gave users notice that the next version of the software would […]
Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool
Facebook doubles the payout of its Internet Defense Prize with a $100,000 award to a team of Georgia Tech researchers for a new class of browser-based memory-corruption vulnerabilities and a corresponding detection technique.
Vulnerabilities Identified in Several WordPress Plugins
Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress.
Cisco Warns Customers About Attacks Installing Malicious IOS Bootstrap Images
Cisco is warning enterprise customers about a spike in attacks in which hackers use valid credentials on IOS devices to log in as administrators and then upload malicious ROMMON images to take control of the devices. The ROM Monitor is the program that initializes the hardware and software on IOS devices, and an attacker who […]
Firefox 40 Begins Warning Users About Unsigned Add-Ons
With Tuesday’s release of Firefox 40, Mozilla has begun the process of requiring all add-ons for the browser to be signed. The company announced the forthcoming change in February, and Firefox 40 is the first version to warn users about unsigned add-ons. The goal for the change in policy is to protect users from malicious extensions […]
Twitter Adds Email Privacy Data to Transparency Report
The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014. In its latest transparency report, Twitter said that it received 2,436 information requests from the U.S. government from […]